Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2009:133-1 (irssi)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.66480

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2009:133-1 (irssi)

Resumen: The remote host is missing an update to irssi;announced via advisory MDVSA-2009:133-1.

Descripción: Summary:
The remote host is missing an update to irssi
announced via advisory MDVSA-2009:133-1.

Vulnerability Insight:
A vulnerability has been found and corrected in irssi:

Off-by-one error in the event_wallops function in
fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers
to cause a denial of service (crash) via an empty command, which
triggers a one-byte buffer under-read and a one-byte buffer underflow
(CVE-2009-1959).

This update provides fixes for this vulnerability.

Update:

Packages for 2008.0 are being provided due to extended support for
Corporate products.

Affected: 2008.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-1959
BugTraq ID: 35399
http://www.securityfocus.com/bid/35399
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00146.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:133
http://xorl.wordpress.com/2009/05/28/irssi-event_wallops-off-by-one-readwrite/
http://www.openwall.com/lists/oss-security/2009/05/29/3
http://www.securitytracker.com/id?1022410
http://secunia.com/advisories/35685
http://secunia.com/advisories/35812
http://secunia.com/advisories/36152
SuSE Security Announcement: SUSE-SR:2009:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://www.ubuntu.com/usn/usn-800-1
http://www.vupen.com/english/advisories/2009/1596
XForce ISS Database: irssi-eventwallops-dos(51184)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51184

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.66480
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2009:133-1 (irssi)
Resumen:	The remote host is missing an update to irssi;announced via advisory MDVSA-2009:133-1.
Descripción:	Summary: The remote host is missing an update to irssi announced via advisory MDVSA-2009:133-1. Vulnerability Insight: A vulnerability has been found and corrected in irssi: Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow (CVE-2009-1959). This update provides fixes for this vulnerability. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. Affected: 2008.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1959 BugTraq ID: 35399 http://www.securityfocus.com/bid/35399 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00146.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:133 http://xorl.wordpress.com/2009/05/28/irssi-event_wallops-off-by-one-readwrite/ http://www.openwall.com/lists/oss-security/2009/05/29/3 http://www.securitytracker.com/id?1022410 http://secunia.com/advisories/35685 http://secunia.com/advisories/35812 http://secunia.com/advisories/36152 SuSE Security Announcement: SUSE-SR:2009:012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://www.ubuntu.com/usn/usn-800-1 http://www.vupen.com/english/advisories/2009/1596 XForce ISS Database: irssi-eventwallops-dos(51184) https://exchange.xforce.ibmcloud.com/vulnerabilities/51184
Copyright	Copyright (C) 2009 E-Soft Inc.